stevaidis/dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
dev/OAuth2.md
Ste Vaidis 870508fce4 Update OAuth2.md
2024-12-15 09:41:59 +02:00

1.2 KiB
Raw Blame History

1. Authorization Request (User Initiates Login)

A user clicks on the Login with Google button on the the app xorismesiti.gr.

The app request permission to access certain Google APIs (like the user's email, profile, etc.).

GET https://accounts.google.com/o/oauth2/v2/auth?
    response_type=code&
    client_id=YOUR_GOOGLE_CLIENT_ID&
    redirect_uri=https://xorismesiti.gr/callback&
    scope=email%20profile&
    state=xyz123
  • response_type=code: This indicates you're using the "authorization code" flow.
  • client_id: Your Google API client ID.
  • redirect_uri: The URI Google will redirect to after the user consents.
  • scope: The permissions you're requesting (e.g., email, profile).
  • state: A random string to protect against CSRF attacks.

2. User Login and Consent

-The user is redirected to Google's login page. -If they're not already logged in, they will be prompted to enter their Google credentials. -After successful login, the user will be shown a consent screen where they can grant or deny permission for your app to access their Google account (e.g., email and profile information).

User Action: The user clicks "Allow" to grant access.